This weekend, former Gizmodo writer Mat Honan lived every tech geek's worst nightmare: he got hacked, with all his accounts compromised and his computers wiped with no backup. The scary part: No "real" hacking was involved. All it took was a few support calls to Apple and Amazon, and nearly all his most important accounts were compromised. Here's everything you need to do now to keep this from happening to you.


What Happened

The person who hacked Mat's accounts didn't need to crack any passwords to get in. Instead, he used social engineering, manipulating both Apple tech support and Amazon into believing he was Mat (something that's easier than you might imagine). Apple and Amazon only require limited, easily accessible information, including billing address, email, and the last four digits of a credit card (which sounds more difficult to access than it was) before allowing anyone to change or reset user accounts. Once the hacker had access to Mat's iCloud account, he was able to get into Mat's Gmail and other accounts, not to mention wipe his iPhone, iPad, and Mac, setting a PIN that kept Mat from recovering any of that data.

What happened to Mat was awful, but we should all take this as a cautionary tale to not only set up good security and backups, but to take heed of security flaws in services like iCloud. Here's what you should do right now to protect yourself from a similar incident.

Audit Your Insecure Services (Like iCloud)

The biggest problem in Mat's breach was that serious security flaws at Apple and Amazon let the intruder right into his accounts. In his Wired piece on the hack, Mat details some of the things you can do to avoid a similar issue with iCloud. Namely, you should create a separate Apple ID for your iCloud account, turn off remote wipe for your computers, and avoid attaching your home address to anything public, like your personal domain name.

Takeaway lesson: Some services, like iCloud, don't have the security features they should have. As such, make sure you don't give them too much power, and don't connect them with your secure accounts like Gmail—one weak link in the chain can bring everything crashing down.


Enable Two-Factor Authentication to Ensure No One Gets In

Mat didn't have his passwords "hacked" in the traditional sense of the word, so even with strong passwords, his accounts still would have been compromised. However, two-factor authentication could have stopped the whole thing from happening. Two-factor auth requires something you know (your password) and something you have (your phone), so when an intruder types in your password, she won't be let in unless she also types in a code sent to or generated by your phone, which only you have.

Takeaway lesson: Set up two-factor authentication on every account you can, like Google, Facebook, and other high-profile services. It's one of the best ways to protect yourself against any kind of breach.


Strengthen Your Password Recovery Options

Even if your passwords are different across all services, you're done for if a hacker gets into your email. With access to your email, they can reset your password on any other service they want, which is why you should consider using a non-primary email address for password resets and other recovery options. Setting up a Gmail or Outlook account is free, and you can have as many as you want, so set up a new email address and change all your recovery options to go to that mailbox instead. If someone ever gets into your email, you'll be glad you did.
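To see how far one takeover can spread through password resets, the sketch below (an added example, not part of the original article) walks a constructed account inventory and reports which accounts fall together. The account names, the `reset_to` and `two_factor` fields, and the rule that a second factor stops a reset-only takeover are all assumptions made for illustration.

```python
from collections import deque

# Constructed inventory for illustration; not any real person's setup.
# reset_to: the mailbox that receives this account's password-reset mail.
# two_factor: model assumption that login also needs a code from your phone.
CHAINED = {
    "icloud": {"reset_to": None, "two_factor": False},
    "gmail": {"reset_to": "icloud", "two_factor": False},
    "social": {"reset_to": "gmail", "two_factor": False},
    "shop": {"reset_to": "gmail", "two_factor": False},
}

# Same accounts after the article's advice: resets go to a dedicated
# mailbox used for nothing else, and two-factor is on where offered.
HARDENED = {
    "icloud": {"reset_to": None, "two_factor": False},
    "recovery_mailbox": {"reset_to": None, "two_factor": True},
    "gmail": {"reset_to": "recovery_mailbox", "two_factor": True},
    "social": {"reset_to": "recovery_mailbox", "two_factor": True},
    "shop": {"reset_to": "recovery_mailbox", "two_factor": False},
}

def blast_radius(accounts, first_compromised):
    """Accounts reachable by chaining password resets from one takeover."""
    resets_from = {}
    for name, cfg in accounts.items():
        if cfg["reset_to"] is not None:
            resets_from.setdefault(cfg["reset_to"], []).append(name)
    taken = {first_compromised}
    queue = deque([first_compromised])
    while queue:
        mailbox = queue.popleft()
        for dependent in resets_from.get(mailbox, []):
            # A reset password alone does not pass a second factor.
            if dependent in taken or accounts[dependent]["two_factor"]:
                continue
            taken.add(dependent)
            queue.append(dependent)
    return taken

def weakest_links(accounts):
    """Rank accounts by how many others fall with them, worst first."""
    sizes = {name: len(blast_radius(accounts, name)) for name in accounts}
    return sorted(sizes.items(), key=lambda kv: (-kv[1], kv[0]))

if __name__ == "__main__":
    for label, inv in (("chained", CHAINED), ("hardened", HARDENED)):
        print(label, weakest_links(inv))
```

Replace the sample dictionaries with your own accounts; any account whose blast radius covers most of the list is the one to separate or protect first.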

Back Up Your Data

By far the worst factor in Mat's breach was that he didn't have any of his data backed up. He lost a year and a half's worth of photos, emails, and documents when his computer was wiped with no way to get it back. You've heard us say it a billion times, but if you haven't started backing up your data, let this be a wake-up call: data loss can happen at any time for any reason, and you don't want to be kicking yourself down the road. Take 30 minutes and set up a program like CrashPlan, our favorite backup app for Windows, Mac, and Linux. When you're done, you can just set it and forget it, and you'll have that backup in case anything ever goes wrong.